(11) EP 3 073 683 A1

(12) EUROPEAN PATENT APPLICATION
published in accordance with Art. 153(4) EPC

(43) Date of publication:
28.09.2016 Bulletin 2016/39

(21) Application number: 13900383.4

(22) Date of filing: 24.12.2013
(51) International Patent Classification (IPC): 
H04L 12/70(2013.01)
(86) International application number:
PCT/CN2013/090360
(87) International publication number:
WO 2015/096043 (02.07.2015 Gazette 2015/26)
(84) Designated Contracting States:
AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR
Designated Extension States:
BA ME

(71) Applicant: Huawei Technologies Co., Ltd.
Longgang District Shenzhen, Guangdong 518129 (CN)

(72) Inventors:
  • ZHANG, Xianguo
    Shenzhen Guangdong 518129 (CN)
  • SHI, Yang
    Shenzhen Guangdong 518129 (CN)

(74) Representative: Maiwald Patentanwalts GmbH 
Engineering Elisenhof Elisenstrasse 3
80335 München (DE)

   


(54) METHOD, NETWORK DEVICE AND VALUE-ADDED SERVICE DEVICE FOR DEPLOYING VALUE-ADDED SERVICE


(57) The present invention provides a value-added service deployment method, a network device, and a value-added service device, and relates to the field of network communications. A network device receives a first registration request message sent by a value-added service device, where the first registration request message includes an IP address of the value-added service device; the network device acquires virtual system information of a virtual system generated by the value-added service device for the network device according to the first registration request message; the network device allocates a virtual slot and a slot number to the virtual system and sends the slot number to the virtual system according to the virtual system information; and the network device manages the virtual system as a value-added service board of the network device. The foregoing solution of the present invention can avoid a problem of complicated policy-based routing configuration that arises when the network device is connected to another value-added service device, implement on-demand deployment and flexible extension of a value-added service, and save a resource for the value-added service device.




Description

TECHNICAL FIELD



[0001] The present invention relates to the field of network communications, and in particular, to a value-added service deployment method, a network device, and a value-added service device.

BACKGROUND



[0002] In a communications network, a deployment location of a value-added service device such as a firewall, a load balancer, an intrusion prevention system (IPS), a data loss prevention (DLP) device, an anti-virus (AV) device, or an application acceleration device is usually closely associated with a network topology. That is, the value-added service device is generally deployed in a forwarding path of a service flow that needs to be processed by the value-added service device, or deployed on a network device (such as a router or a switch) in a forwarding path in bypass mode.

[0003] When the foregoing deployment manner is used, in each location in which value-added service processing is required, an independent value-added service device needs to be deployed according to a maximum capacity required in the location, which causes a waste of device resources. Furthermore, in the foregoing bypass deployment manner, complicated policy-based routing needs to be configured on the network device, to distribute a service flow that enters the network device to the value-added service device, which increases the burden of configuration, management, and maintenance on the network device.

[0004] In addition, there is a solution named value-added service board. In the solution, an independent value-added service board is developed for each type of value-added service, and a corresponding value-added service is implemented by inserting a required value-added service board into a network device. Although this manner can simplify configuration of the network device and reduce burden on the network device, a dedicated value-added service board still needs to be configured for the network device in each location in which value-added service processing is required. Therefore, the problem of a device resource waste still exists. Further, a quantity of addable value-added service boards is limited by a design specification of the network device, and service extension is not flexible enough.

[0005] In conclusion, there is no value-added service deployment method that can save device resources and implement flexible service extension.

SUMMARY



[0006] In order to resolve the foregoing problems in the prior art, the present invention provides a value-added service deployment method, a network device, and a value-added service device, which can save device resources and implement flexible extension of a value-added service.

[0007] A first aspect of the present invention provides a value-added service deployment method, including:

receiving, by a network device, a first registration request message sent by a value-added service device, where the first registration request message includes an IP address of the value-added service device;

acquiring, according to the first registration request message, virtual system information of a virtual system generated by the value-added service device for the network device;

allocating a virtual slot and a slot number to the virtual system; and

sending the slot number to the virtual system according to the virtual system information, and managing the virtual system as a value-added service board of the network device.



[0008] With reference to the first aspect, in a first implementation manner of the first aspect, the acquiring, according to the first registration request message, virtual system information of a virtual system generated by the value-added service device for the network device includes:

sending a first allocation request message to the value-added service device according to the first registration request message, where the first allocation request message includes a service requirement of the network device;

receiving a first allocation response message sent by the value-added service device, where the first allocation response message includes the virtual system information of the virtual system generated by the value-added service device for the network device; and

acquiring the virtual system information from the first allocation response message.



[0009] With reference to the first aspect, in a second implementation manner of the first aspect, when the first registration request message further includes the virtual system information, the acquiring, according to the first registration request message, virtual system information of a virtual system generated by the value-added service device for the network device includes: acquiring, from the first registration request message, the virtual system information of the virtual system generated by the value-added service device for the network device.

[0010] With reference to the first aspect, or the first or the second implementation manner of the first aspect, in a third implementation manner of the first aspect,

before the receiving, by a network device, a first registration request message sent by a value-added service device, the method further includes:

receiving a configuration message sent by a management device, where the configuration message includes the IP address of the value-added service device; and establishing a first mapping relationship between an IP address of the network device and the IP address of the value-added service device according to the configuration message; and

after the receiving, by a network device, a first registration request message sent by a value-added service device, the method further includes: performing authentication on the value-added service device according to the first mapping relationship, and executing the step of acquiring virtual system information of a virtual system generated by the value-added service device for the network device after authentication succeeds.



[0011] With reference to the first aspect, or the first, the second, or the third implementation manner of the first aspect, in a fourth implementation manner of the first aspect, the method further includes: storing, in a mapping table, a second mapping relationship including the IP address of the value-added service device, the virtual system information, and the slot number.

[0012] With reference to the fourth implementation manner of the first aspect, in a fifth implementation manner of the first aspect, the method further includes: receiving a second registration request message sent by the value-added service device, after the value-added service device or the virtual system restarts, where the second registration request message includes the IP address of the value-added service device; and allocating the slot number to the virtual system according to the second registration request message.

[0013] With reference to the fifth implementation manner of the first aspect, in a sixth implementation manner of the first aspect, when the second registration request further includes the virtual system information, the allocating the slot number to the virtual system according to the second registration request message includes: searching the mapping table according to the virtual system information, to obtain the second mapping relationship, and allocating the slot number in the second mapping relationship to the virtual system.

[0014] With reference to the fifth implementation manner of the first aspect, in a seventh implementation manner of the first aspect, the allocating the slot number to the virtual system according to the second registration request message includes:

searching the mapping table according to the IP address of the value-added service device, to obtain the second mapping relationship;

sending a second allocation request message to the value-added service device, where the second allocation request message includes the virtual system information in the second mapping relationship;

receiving a second allocation response message sent by the value-added service device, where the second allocation response message includes the virtual system information; and

allocating the slot number in the second mapping relationship to the virtual system according to the second allocation response message.
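
As an added illustration (not part of the patent application), the following Python sketch models the registration flow of paragraphs [0007] to [0014] from both sides: the configured first mapping relationship gates registration, a first registration allocates a virtual slot number, and a second registration after a restart is given the same slot number again. The class and method names, the slot-number pool, the string format of the virtual system information, and the reading of the authentication step as a lookup of the sender's IP address in the first mapping relationship are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


class RegistrationRejected(Exception):
    """The registration or allocation request was refused."""


@dataclass
class ValueAddedServiceDevice:
    ip: str
    # Mapping table of [0020]: network device IP -> virtual system information.
    mapping_table: Dict[str, str] = field(default_factory=dict)

    def first_allocation(self, nd_ip: str, service_requirement: str) -> str:
        """First allocation request/response: generate a virtual system."""
        # Constructed identifier format; the page does not define the contents.
        vsys_info = f"vsys-{len(self.mapping_table) + 1}:{service_requirement}"
        self.mapping_table[nd_ip] = vsys_info
        return vsys_info

    def second_allocation(self, nd_ip: str, vsys_info: str) -> str:
        """Second allocation request/response: confirm an existing allocation."""
        if self.mapping_table.get(nd_ip) != vsys_info:
            raise RegistrationRejected("virtual system not allocated to this device")
        return vsys_info


@dataclass
class NetworkDevice:
    ip: str
    service_requirement: str = "firewall"          # constructed sample value
    slot_numbers: Tuple[int, ...] = (17, 18, 19)   # assumed pool of virtual slots
    # First mapping relationship ([0010]): VAS device IPs configured for this device.
    allowed_vas: Set[str] = field(default_factory=set)
    # Second mapping relationships ([0011]): (VAS IP, virtual system info) -> slot.
    mapping_table: Dict[Tuple[str, str], int] = field(default_factory=dict)

    def on_configuration(self, vas_ip: str) -> None:
        """Configuration message from the management device."""
        self.allowed_vas.add(vas_ip)

    def on_registration(self, vas: ValueAddedServiceDevice,
                        vsys_info: Optional[str] = None) -> int:
        """Handle a first or second registration request; return the slot number."""
        # Authentication step, assumed here to be a lookup of the IP address
        # carried in the request; unknown senders never reach slot allocation.
        if vas.ip not in self.allowed_vas:
            raise RegistrationRejected(f"{vas.ip} is not configured for {self.ip}")

        if vsys_info is None:
            stored = [info for (ip, info) in self.mapping_table if ip == vas.ip]
            if stored:
                # [0014]: found by IP, so confirm the stored virtual system
                # with a second allocation request before reusing its slot.
                vsys_info = vas.second_allocation(self.ip, stored[0])
                if vsys_info != stored[0]:
                    raise RegistrationRejected("allocation response mismatch")
            else:
                # [0008]: first registration without virtual system information.
                vsys_info = vas.first_allocation(self.ip, self.service_requirement)

        key = (vas.ip, vsys_info)
        if key in self.mapping_table:
            # [0013]: known virtual system, hand back the slot it had before.
            return self.mapping_table[key]

        used = set(self.mapping_table.values())
        free = [n for n in self.slot_numbers if n not in used]
        if not free:
            raise RegistrationRejected("no free virtual slot")
        self.mapping_table[key] = free[0]
        return free[0]


def demo() -> Tuple[int, int, int]:
    """Register, then re-register twice as after a restart (constructed addresses)."""
    nd = NetworkDevice(ip="192.0.2.1")
    vas = ValueAddedServiceDevice(ip="198.51.100.10")
    nd.on_configuration(vas.ip)
    first = nd.on_registration(vas)                              # [0008]
    by_ip = nd.on_registration(vas)                              # [0014]
    by_info = nd.on_registration(vas, vas.mapping_table[nd.ip])  # [0013]
    return first, by_ip, by_info


if __name__ == "__main__":
    print(demo())
```
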



[0015] With reference to the first aspect or any one of the first to the seventh implementation manners of the first aspect, in an eighth implementation manner of the first aspect, the method further includes:

establishing a bidirectional extended Generic Routing Encapsulation (GRE) tunnel between the network device and the virtual system according to the virtual system information, where the bidirectional extended GRE tunnel is used to carry an extended GRE-encapsulated message, and the extended GRE-encapsulated message includes a slot number field.



[0016] With reference to the eighth implementation manner of the first aspect, in a ninth implementation manner of the first aspect, the managing the virtual system as a value-added service board of the network device includes at least one of the following three manners:

receiving a heartbeat message periodically sent by the virtual system, and when the heartbeat message sent by the virtual system is not received after a preset time, suspending sending of a service flow that needs to be processed by the virtual system to the virtual system;

receiving a heartbeat message sent by the virtual system, where the heartbeat message includes a resource usage rate of the virtual system; and controlling, according to the resource usage rate, a service flow destined for the virtual system; and

receiving a heartbeat message sent by the virtual system, where the heartbeat message includes a control flag; and sending a service flow to the virtual system according to the control flag.



[0017] A second aspect of the present invention provides another value-added service deployment method, including:

receiving, by a value-added service device, a configuration message sent by a management device, where the configuration message includes an IP address of a network device;

generating, by the value-added service device, a first registration request message according to the configuration message, where the first registration request message includes an IP address of the value-added service device;

generating, by the value-added service device, a virtual system for the network device, and allocating virtual system information to the virtual system; and

sending, by the value-added service device, the first registration request message and the virtual system information to the network device, where the virtual system information is used to enable the network device to manage the virtual system as a value-added service board of the network device.



[0018] With reference to the second aspect, in a first implementation manner of the second aspect, the configuration message further includes a service requirement of the network device, where

the generating a virtual system for the network device includes: generating the virtual system for the network device according to the service requirement in the configuration message; and

the sending the first registration request message and the virtual system information to the network device includes: adding the virtual system information to the first registration request message, and sending, to the network device, the first registration request message to which the virtual system information is added.



[0019] With reference to the second aspect, in a second implementation manner of the second aspect,

the generating a virtual system for the network device includes: receiving a first allocation request message sent by the network device, where the first allocation request message includes a service requirement of the network device; and generating the virtual system for the network device according to the service requirement of the network device; and

the sending the first registration request message and the virtual system information to the network device includes: before the receiving a first allocation request message sent by the network device, sending the first registration request message to the network device; and sending the virtual system information to the network device by using a first allocation response message after the receiving a first allocation request message sent by the network device.



[0020] With reference to the second aspect, or the first or the second implementation manner of the second aspect, in a third implementation manner of the second aspect, after the generating a virtual system for the network device, and allocating virtual system information to the virtual system, the method further includes: storing, by the value-added service device in a mapping table, a mapping relationship between the IP address of the network device and the virtual system information.

[0021] With reference to the third implementation manner of the second aspect, in a fourth implementation manner of the second aspect, the method further includes: generating, by the value-added service device, after the value-added service device or the virtual system restarts, a second registration request message according to the mapping relationship, where the second registration request message includes the IP address of the value-added service device; acquiring, by the value-added service device, the virtual system information; and sending, by the value-added service device, the second registration request message and the virtual system information to the network device.

[0022] With reference to the fourth implementation manner of the second aspect, in a fifth implementation manner of the second aspect,

the acquiring, by the value-added service device, the virtual system information includes: acquiring, by the value-added service device, the virtual system information according to the mapping relationship; and

the sending, by the value-added service device, the second registration request message and the virtual system information to the network device includes: adding, by the value-added service device, the virtual system information to the second registration request message, and sending, to the network device, the second registration request message to which the virtual system information is added.



[0023] With reference to the fourth implementation manner of the second aspect, in a sixth implementation manner of the second aspect, the sending, by the value-added service device, the second registration request message and the virtual system information to the network device includes:

sending, by the value-added service device, the second registration request message to the network device;

receiving a second allocation request message sent by the network device, where the second allocation request message includes the virtual system information, and the second allocation request message is used to request the value-added service device to reallocate the virtual system to the network device;

searching the mapping table according to the second allocation request message, to obtain the mapping relationship;

generating a second allocation response message, after it is determined, according to the mapping relationship, that the virtual system is already allocated to the network device; and

sending the second allocation response message to the network device, where the second allocation response message includes the virtual system information.



[0024] A third aspect of the present invention provides a network device, including:

a receiving unit, configured to receive a first registration request message sent by a value-added service device, where the first registration request message includes an IP address of the value-added service device;

an acquiring unit, configured to acquire, according to the first registration request message, virtual system information of a virtual system generated by the value-added service device for the network device;

an allocating unit, configured to allocate a virtual slot and a slot number to the virtual system;

a sending unit, configured to send the slot number to the virtual system according to the virtual system information; and

a management unit, configured to manage the virtual system as a value-added service board of the network device.



[0025] With reference to the third aspect, in a first implementation manner of the third aspect, the acquiring unit is configured to:

send a first allocation request message to the value-added service device according to the first registration request message, where the first allocation request message includes a service requirement of the network device; receive a first allocation response message sent by the value-added service device, where the first allocation response message includes the virtual system information of the virtual system generated by the value-added service device for the network device; and acquire the virtual system information from the first allocation response message.



[0026] With reference to the third aspect, in a second implementation manner of the third aspect, the first registration request message further includes the virtual system information, and the acquiring unit is configured to acquire, from the first registration request message, the virtual system information of the virtual system generated by the value-added service device for the network device.

[0027] With reference to the third aspect, or the first or the second implementation manner of the third aspect, in a third implementation manner of the third aspect, the network device further includes an establishing unit and an authenticating unit, where

the receiving unit is further configured to receive a configuration message sent by a management device, where the configuration message includes the IP address of the value-added service device;

the establishing unit is configured to establish a first mapping relationship between an IP address of the network device and the IP address of the value-added service device according to the configuration message; and

the authenticating unit is configured to: perform authentication on the value-added service device according to the first mapping relationship, after the receiving unit receives the first registration request message sent by the value-added service device.



[0028] With reference to the third aspect, or the first, the second, or the third implementation manner of the third aspect, in a fourth implementation manner of the third aspect, the network device further includes a storage unit, configured to store, in a mapping table, a second mapping relationship including the IP address of the value-added service device, the virtual system information, and the slot number.

[0029] With reference to the fourth implementation manner of the third aspect, in a fifth implementation manner of the third aspect, the receiving unit is further configured to: receive a second registration request message sent by the value-added service device after the value-added service device or the virtual system restarts, where the second registration request message includes the IP address of the value-added service device; and the allocating unit is further configured to allocate the slot number to the virtual system according to the second registration request message.

[0030] With reference to the fifth implementation manner of the third aspect, in a sixth implementation manner of the third aspect, when the second registration request further includes the virtual system information, the allocating unit is configured to search the mapping table according to the virtual system information, to obtain the second mapping relationship, and allocate the slot number in the second mapping relationship to the virtual system.

[0031] With reference to the fifth implementation manner of the third aspect, in a seventh implementation manner of the third aspect, the allocating unit is configured to:

search the mapping table according to the IP address of the value-added service device, to obtain the second mapping relationship;

send a second allocation request message to the value-added service device, where the second allocation request message includes the virtual system information in the second mapping relationship;

receive a second allocation response message sent by the value-added service device, where the second allocation response message includes the virtual system information; and

allocate the slot number in the second mapping relationship to the virtual system according to the second allocation response message.



[0032] With reference to the third aspect or any one of the first to the seventh implementation manners of the third aspect, in an eighth implementation manner of the third aspect, the network device further includes a tunnel establishing unit, configured to establish a bidirectional extended Generic Routing Encapsulation (GRE) tunnel between the network device and the virtual system according to the virtual system information, where the bidirectional extended GRE tunnel is used to carry an extended GRE-encapsulated message, and the extended GRE-encapsulated message includes a slot number field.

[0033] With reference to the eighth implementation manner of the third aspect, in a ninth implementation manner of the third aspect, the management unit is configured to implement any one of the following three manners:

receiving a heartbeat message periodically sent by the virtual system, and when the heartbeat message sent by the virtual system is not received after a preset time, suspending sending of a service flow that needs to be processed by the virtual system to the virtual system;

receiving a heartbeat message sent by the virtual system, where the heartbeat message includes a resource usage rate of the virtual system; and controlling, according to the resource usage rate, a service flow destined for the virtual system; and

receiving a heartbeat message sent by the virtual system, where the heartbeat message includes a control flag; and sending a service flow to the virtual system according to the control flag.



[0034] A fourth aspect of the present invention provides a value-added service device, including:

a receiving unit, configured to receive a configuration message sent by a management device, where the configuration message includes an IP address of a network device;

a generating unit, configured to generate a first registration request message according to the configuration message, where the first registration request message includes an IP address of the value-added service device;

an allocating unit, configured to generate a virtual system for the network device, and allocate virtual system information to the virtual system; and

a sending unit, configured to send the first registration request message and the virtual system information to the network device, where the virtual system information is used to enable the network device to manage the virtual system as a value-added service board of the network device.



[0035] With reference to the fourth aspect, in a first implementation manner of the fourth aspect, the configuration message further includes a service requirement of the network device, where

the allocating unit is configured to generate the virtual system for the network device according to the service requirement in the configuration message, and allocate the virtual system information to the virtual system; and

the sending unit is configured to add the virtual system information to the first registration request message, and send, to the network device, the first registration request message to which the virtual system information is added.



[0036] With reference to the fourth aspect, in a second implementation manner of the fourth aspect,

the receiving unit is further configured to receive a first allocation request message sent by the network device, where the first allocation request message includes a service requirement of the network device;

the allocating unit is configured to generate the virtual system for the network device according to the service requirement of the network device, and allocate the virtual system information to the virtual system; and

the sending unit is configured to: before the receiving unit receives the first allocation request message sent by the network device, send the first registration request message to the network device; and send the virtual system information to the network device by using a first allocation response message after the receiving unit receives the first allocation request message sent by the network device.



[0037] With reference to the fourth aspect, or the first or the second implementation manner of the fourth aspect, in a third implementation manner of the fourth aspect, the value-added service device further includes a storage unit, configured to store, in a mapping table, a mapping relationship between the IP address of the network device and the virtual system information.

[0038] With reference to the third implementation manner of the fourth aspect, in a fourth implementation manner of the fourth aspect, the value-added service device further includes an acquiring unit, where

the generating unit is further configured to: generate a second registration request message according to the mapping relationship, after the value-added service device or the virtual system restarts, where the second registration request message includes the IP address of the value-added service device;

the acquiring unit is configured to acquire the virtual system information; and the sending unit is further configured to send the second registration request message and the virtual system information to the network device.



[0039] With reference to the fourth implementation manner of the fourth aspect, in a fifth implementation manner of the fourth aspect, the acquiring unit is configured to acquire the virtual system information according to the mapping relationship; and the sending unit is configured to add the virtual system information to the second registration request message, and send, to the network device, the second registration request message to which the virtual system information is added.

[0040] With reference to the fourth implementation manner of the fourth aspect, in a sixth implementation manner of the fourth aspect, the sending unit sends the second registration request message to the network device; the receiving unit is further configured to receive a second allocation request message sent by the network device, where the second allocation request message includes the virtual system information, and the second allocation request message is used to request the value-added service device to reallocate the virtual system to the network device; the generating unit is further configured to search the mapping table according to the second allocation request message, to obtain the mapping relationship; generate a second allocation response message, after it is determined, according to the mapping relationship, that the virtual system is already allocated to the network device, where the second allocation response message includes the virtual system information; and the sending unit is further configured to send the second allocation response message to the network device.

[0041] According to the present invention, a value-added service device and a network device are separately disposed, so that the value-added service device generates a virtual system for the network device according to a service requirement of the network device; and the network device allocates a virtual slot and a slot number to the virtual system, and manages the virtual system as a value-added service board of the network device. This avoids a problem of complicated policy-based routing configuration that arises when the network device is connected to another value-added service device, implements on-demand deployment and flexible extension of a value-added service, and saves a resource for the value-added service device. Furthermore, the network device communicates, through a bidirectional extended GRE tunnel, with the virtual system that is used as the value-added service board, thereby avoiding a problem of incompatibility between devices of different manufacturers that arises when a proprietary protocol is run between a main control board and a service board of the network device. In addition, the present invention ensures that, when the value-added service device or a virtual network restarts, a virtual network system can acquire, from the network device, a slot number the same as that before the value-added service device or the virtual system restarts, thereby avoiding a service conflict that may be caused by slot number reallocation.

BRIEF DESCRIPTION OF DRAWINGS



[0042] To describe the technical solutions in the embodiments of the present invention more clearly, the following briefly introduces the accompanying drawings required for describing the embodiments. Apparently, the accompanying drawings in the following description show merely some embodiments of the present invention, and a person of ordinary skill in the art may still derive other drawings from these accompanying drawings without creative efforts.

FIG. 1 is a schematic diagram of a structure of a network system according to an embodiment of the present invention;

FIG. 2 is a schematic flowchart of a value-added service deployment method according to an embodiment of the present invention;

FIG. 3 is a schematic flowchart of another value-added service deployment method according to an embodiment of the present invention;

FIG. 4 is a schematic diagram of a structure of an extended GRE-encapsulated message according to an embodiment of the present invention;

FIG. 5 is a schematic flowchart of another value-added service deployment method according to an embodiment of the present invention;

FIG. 6 is a schematic flowchart of another value-added service deployment method according to an embodiment of the present invention;

FIG. 7 is a schematic diagram of a structure of a network device according to an embodiment of the present invention;

FIG. 8 is a schematic diagram of a structure of another network device according to an embodiment of the present invention;

FIG. 9 is a schematic diagram of a structure of still another network device according to an embodiment of the present invention;

FIG. 10 is a schematic diagram of a structure of a value-added service device according to an embodiment of the present invention;

FIG. 11 is a schematic diagram of a structure of another value-added service device according to an embodiment of the present invention; and

FIG. 12 is a schematic diagram of a structure of still another value-added service device according to an embodiment of the present invention.


DESCRIPTION OF EMBODIMENTS



[0043] The following clearly describes the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Apparently, the described embodiments are merely some but not all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts shall fall within the protection scope of the present invention.

[0044] FIG. 1 is a schematic diagram of a structure of a network system according to an embodiment of the present invention. As shown in FIG. 1, the network system includes a management device 11, a network device 12, and a value-added service device 13. The management device 11 is configured to manage the network device 12 and the value-added service device 13. There may be one or more network devices 12 and value-added service devices 13. The value-added service device 13 may provide a value-added service for multiple network devices 12 in a manner of establishing a virtual system (for example, 13-1 and 13-2 in FIG. 1) for each of the multiple network devices 12. In a case in which one network device 12 requires multiple value-added services, a quantity of virtual systems established for the network device 12 is the same as a quantity of value-added services required by the network device 12. The network device 12 may acquire the multiple value-added services in a manner of allocating a virtual slot (for example, 12-1 and 12-2 in FIG. 1) to each virtual system. The network device 12 may be a router or a network switch.

[0045] The management device 11 acquires a service requirement of the network device 12, where the service requirement includes a value-added service type and a value-added service specification that are required by the network device. The management device 11 allocates the value-added service device 13 to the network device 12 according to the service requirement of the network device 12. The service requirement may be configured by a network administrator on the management device 11 for the network device 12, or may be sent by the network device 12 to the management device 11. The management device 11 may take a network topology into consideration when allocating the value-added service device 13 to the network device 12, where the network topology is used to enable the management device 11 to select, from multiple value-added service devices 13 that can meet the service requirement, a value-added service device nearest to the network device 12.

[0046] The management device 11 may allocate multiple value-added service devices 13 to the network device 12 according to the service requirement. These value-added service devices 13 may separately provide different types of value-added services. In this embodiment, description is made by assuming that only one value-added service device 13 is allocated. After allocation is completed, the management device 11 sends a configuration message to the network device 12 and the value-added service device 13 respectively, where a configuration message is a message of a special type extended in this embodiment of the present invention, and is used to enable the network device 12 and the value-added service device 13 to establish a service group. A value-added service device in a service group can provide a value-added service for a network device in the service group.

[0047] A configuration message sent to the network device 12 includes an identifier of the value-added service device 13, and a configuration message sent to the value-added service device 13 includes an identifier of the network device 12.

[0048] Based on the network system shown in FIG. 1, an embodiment of the present invention provides a value-added service deployment method, where the method is executed by the network device 12. As shown in FIG. 2, the method includes the following steps.

[0049] 201. A network device receives a first registration request message sent by a value-added service device, where the first registration request message includes an IP address of the value-added service device.

[0050] The first registration request message is used to request the network device to establish a service group with the value-added service device, so that the value-added service device provides a value-added service for the network device.

[0051] 202. The network device acquires, according to the first registration request message, virtual system information of a virtual system generated by the value-added service device for the network device.

[0052] The virtual system is a virtual value-added service device that is generated by the value-added service device according to a service requirement of the network device and that is used to provide a value-added service for the network device.

[0053] The virtual system information includes an IP address of the virtual system, and may further include a device name, a virtual MAC address, a service type, and the like of the virtual system.

[0054] 203. The network device allocates a virtual slot and a slot number to the virtual system.

[0055] The virtual slot is used to implement a communication connection between the network device and the virtual system.

[0056] 204. The network device sends the slot number to the virtual system according to the virtual system information, and manages the virtual system as a value-added service board of the network device.

[0057] In the foregoing embodiment of the present invention, a value-added service device and a network device are separately disposed, so that the value-added service device generates a virtual system for the network device according to a service requirement of the network device; and the network device allocates a virtual slot and a slot number to the virtual system, and manages the virtual system as a value-added service board of the network device. This avoids a problem of complicated policy-based routing configuration that arises when the network device is connected to another value-added service device, implements on-demand deployment and flexible extension of a value-added service, and saves a resource for the value-added service device.

[0058] As shown in FIG. 3, based on the embodiment shown in FIG. 2, an embodiment of the present invention provides another value-added service deployment method. The method includes:

301. A network device receives a configuration message sent by a management device, where the configuration message includes an IP address of a value-added service device.



[0059] The configuration message is used to enable the network device to establish a service group with the value-added service device, so that the network device can accept a value-added service provided by the value-added service device.

[0060] 302. The network device establishes a first mapping relationship between an IP address of the network device and the IP address of the value-added service device according to the configuration message.

[0061] 303. The network device receives a first registration request message sent by the value-added service device, where the first registration request message includes the IP address of the value-added service device.

[0062] The first registration request message is used to request the network device to establish a service group with the value-added service device, so that the value-added service device provides a value-added service for the network device.

[0063] 304. The network device performs authentication on the value-added service device according to the first mapping relationship and the IP address of the value-added service device.

[0064] That is, the network device determines whether the IP address of the value-added service device is the IP address of the value-added service device in the first mapping relationship. If the IP address of the value-added service device is the IP address of the value-added service device in the first mapping relationship, authentication on the value-added service device succeeds; if the IP address of the value-added service device is not the IP address of the value-added service device in the first mapping relationship, authentication on the value-added service device fails. After authentication on the value-added service device succeeds, the network device continues to execute step 305.

[0065] 305. The network device acquires, according to the first registration request message, virtual system information of a virtual system generated by the value-added service device for the network device.

[0066] Specifically, after determining that the value-added service device is a device that is selected by the management device and that is capable of providing a value-added service for the network device, the network device acquires the virtual system information of the virtual system generated by the value-added service device for the network device.

[0067] In an embodiment, after receiving a configuration message sent by the management device, the value-added service device generates a virtual system for the network device according to a service requirement of the network device in the configuration message, allocates virtual system information to the virtual system, adds the virtual system information to the first registration request message, and sends the first registration request message to the network device. In this case, when the first registration request message further includes the virtual system information, the network device acquires the virtual system information from the first registration request message.

[0068] In another embodiment, the configuration message does not include a service requirement of the network device. After receiving a configuration message sent by the management device, the value-added service device does not immediately generate a virtual system for the network device according to the configuration message. Therefore, the first registration request message does not include the virtual system information. In this case, the network device sends a first allocation request message to the value-added service device according to the first registration request message, where the first allocation request message includes the service requirement of the network device, and is used to request the value-added service device to generate the virtual system for the network device according to the service requirement. Then, the network device receives a first allocation response message sent by the value-added service device, where the first allocation response message includes the virtual system information of the virtual system generated by the value-added service device for the network device, and the network device acquires the virtual system information from the first allocation response message.

[0069] 306. The network device allocates a virtual slot and a slot number to the virtual system.

[0070] The virtual slot is used to implement a communication connection between the network device and the virtual system.

[0071] The network device allocates the slot number to the virtual slot; specifically, virtual slots are numbered sequentially after the physical slots. For example, if the network device already has three physical slots with slot numbers 1, 2, and 3 respectively, the network device allocates a slot number 4 to a virtual slot of a first virtual system, a slot number 5 to a virtual slot of a second virtual system, and so on. Because the virtual system is in a one-to-one correspondence with the slot number, the slot number enables the network device to identify the virtual system.

[0072] 307. The network device sends the slot number to the virtual system according to the virtual system information, and manages the virtual system as a value-added service board of the network device.

[0073] Before the network device sends the slot number to the virtual system according to the virtual system information, optionally, the method further includes: establishing a tunnel between the network device and the virtual system by using the virtual slot. The tunnel is preferably a bidirectional extended Generic Routing Encapsulation (GRE) tunnel. A message sent between the virtual system and the network device is an extended GRE-encapsulated message, and the extended GRE-encapsulated message includes at least the slot number. The bidirectional extended GRE tunnel may be automatically generated between the network device and the virtual system, or may be manually configured by an administrator.

[0074] A conventional GRE-encapsulated message includes an outer tunnel header, a GRE header, and a payload. The extended GRE-encapsulated message is generated by adding a fabric header to an original GRE-encapsulated packet. The fabric header may be added between the GRE header and the payload. FIG. 4 shows a schematic diagram of a structure of a packet in which the fabric header is added between the GRE header and the payload. The fabric header includes at least a slot number (field name: SlotID) field, and the fabric header may further include the following fields: type (Type), attribute (Attribute), bandwidth (Bandwidth), and control flag (Control flag). Meanings of the fields are as follows:

Type is used to represent a message type. For example, if a value of the Type field is 0, it indicates that the packet is a heartbeat message; if a value of the Type field is 1, it indicates that the packet is a service packet.



[0075] SlotID is used to carry a slot number of a message sender. When the message sender is the network device, SlotID is 0; when the message sender is a virtual system, SlotID is a slot number corresponding to the virtual system.

[0076] Attribute is used to represent an attribute of a virtual system corresponding to a SlotID, for example, whether the virtual system is a firewall or an IPS.

[0077] Occupancy is used to represent a resource usage rate of a virtual system corresponding to a SlotID.

[0078] Control flag is used to represent whether a virtual system allows the network device to send a service flow to the virtual system. For example, when Control flag is 1, it indicates that the network device is allowed to send a service flow to the virtual system; when Control flag is 0, it instructs the network device to stop sending a service flow to the virtual system.

[0079] In an embodiment of the present invention, the managing the virtual system as a value-added service board of the network device may include any one of the following three manners:

receiving, by the network device, a heartbeat message periodically sent by the virtual system, and when the heartbeat message sent by the virtual system is not received after a preset time, suspending sending of a service flow that needs to be processed by the virtual system to the virtual system;

receiving, by the network device, a heartbeat message sent by the virtual system, where the heartbeat message includes a resource usage rate of the virtual system; and controlling, by the network device according to the resource usage rate, a service flow destined for the virtual system, for example, discarding a service flow or a packet in a service flow that is beyond a processing capability of the virtual system, or directly forwarding a service flow or a packet in a service flow that is beyond a processing capability of the virtual system to a next hop of the service flow; and

receiving, by the network device, a heartbeat message sent by the virtual system, where the heartbeat message includes a control flag; and sending, by the network device, a service flow to the virtual system according to the control flag, where the control flag may indicate that the network device is allowed to send a service flow to the virtual system, or instruct the network device to stop sending a service flow to the virtual system.
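The following sketch is an added illustration, not part of the application: it parses the extended GRE-encapsulated message of [0074] to [0078] and applies the three management manners of [0079] together on the network device side. The field widths of the fabric header, the protocol type value, the occupancy threshold, the check of the tunnel source address against the slot, and all names and addresses are assumptions, because the application names the fields without giving a wire layout.

```python
import struct
from dataclasses import dataclass

# RFC 2784 base GRE header: 16 bits of flags/version, 16 bits of protocol type.
GRE_HDR = struct.Struct("!HH")
# ASSUMED fabric header layout (the application names the fields, not their widths):
# Type (1 byte), SlotID (2), Attribute (1), Occupancy in percent (1), Control flag (1).
FABRIC_HDR = struct.Struct("!BHBBB")
FABRIC_PROTO = 0x88B5  # constructed placeholder protocol type, not from the application

TYPE_HEARTBEAT, TYPE_SERVICE = 0, 1  # values given in [0074]


@dataclass
class FabricMessage:
    msg_type: int
    slot_id: int
    attribute: int
    occupancy: int
    control_flag: int
    payload: bytes


def build_extended_gre(msg_type, slot_id, attribute=0, occupancy=0,
                       control_flag=1, payload=b""):
    """GRE header, then fabric header, then payload (the order shown for FIG. 4)."""
    fabric = FABRIC_HDR.pack(msg_type, slot_id, attribute, occupancy, control_flag)
    return GRE_HDR.pack(0, FABRIC_PROTO) + fabric + payload


def parse_extended_gre(data):
    """Parse a message whose outer tunnel header has already been removed."""
    if len(data) < GRE_HDR.size + FABRIC_HDR.size:
        raise ValueError("truncated extended GRE message")
    flags_version, proto = GRE_HDR.unpack_from(data, 0)
    if flags_version != 0 or proto != FABRIC_PROTO:
        raise ValueError("not an extended GRE message in the assumed format")
    msg_type, slot_id, attribute, occupancy, flag = FABRIC_HDR.unpack_from(
        data, GRE_HDR.size)
    if msg_type not in (TYPE_HEARTBEAT, TYPE_SERVICE):
        raise ValueError("unknown Type value")
    if occupancy > 100 or flag not in (0, 1):
        raise ValueError("Occupancy or Control flag out of range")
    payload = data[GRE_HDR.size + FABRIC_HDR.size:]
    return FabricMessage(msg_type, slot_id, attribute, occupancy, flag, payload)


class VirtualBoardMonitor:
    """Network-device view of its virtual value-added service boards."""

    def __init__(self, slot_to_vsys_ip, timeout=3.0, max_occupancy=90):
        self.slot_to_vsys_ip = dict(slot_to_vsys_ip)  # slot number -> virtual system IP
        self.timeout = timeout              # preset time of the first manner
        self.max_occupancy = max_occupancy  # assumed threshold for the second manner
        self.last = {}                      # slot -> (time seen, occupancy, control flag)

    def on_message(self, src_ip, data, now):
        """Record a heartbeat; return False for anything that is not accepted."""
        try:
            msg = parse_extended_gre(data)
        except ValueError:
            return False
        if msg.msg_type != TYPE_HEARTBEAT:
            return False
        # SlotID 0 means the network device itself ([0075]), so a heartbeat must
        # carry an allocated slot. Added check: the tunnel source must be the
        # virtual system that slot was allocated to.
        if self.slot_to_vsys_ip.get(msg.slot_id) != src_ip:
            return False
        self.last[msg.slot_id] = (now, msg.occupancy, msg.control_flag)
        return True

    def decision(self, slot_id, now):
        """Return 'send', 'suspend' or 'bypass' for flows bound to slot_id."""
        seen = self.last.get(slot_id)
        if seen is None or now - seen[0] > self.timeout:
            return "suspend"   # heartbeat not received within the preset time
        if seen[2] == 0:
            return "suspend"   # Control flag 0: stop sending service flows
        if seen[1] > self.max_occupancy:
            return "bypass"    # forward excess traffic directly to the next hop
        return "send"


if __name__ == "__main__":
    # Constructed sample: slot 4 belongs to a virtual system at a documentation address.
    monitor = VirtualBoardMonitor({4: "192.0.2.14"})
    heartbeat = build_extended_gre(TYPE_HEARTBEAT, 4, occupancy=40)
    print(monitor.on_message("192.0.2.14", heartbeat, now=10.0),
          monitor.decision(4, now=11.0))
```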



[0080] In another embodiment of the present invention, after the network device allocates the slot number to the virtual system, the network device further stores, in a mapping table, a second mapping relationship including the IP address of the value-added service device, the virtual system information, and the slot number.

[0081] After the value-added service device or the virtual system restarts, the method further includes:

receiving, by the network device, a second registration request message sent by the value-added service device, where the second registration request message includes the IP address of the value-added service device. Optionally, the second registration request message further includes the virtual system information. When the second registration request message further includes the virtual system information, the network device searches the mapping table according to the virtual system information, to obtain the second mapping relationship, and sends the slot number to the virtual system according to the virtual system information in the second mapping relationship. When the second registration request message does not include the virtual system information, the network device searches the mapping table according to the IP address of the value-added service device, to obtain the second mapping relationship; the network device sends a second allocation request message to the value-added service device, where the second allocation request message includes the virtual system information in the second mapping relationship, and is used to request the value-added service device to allocate the virtual system corresponding to the virtual system information to the network device; the network device receives a second allocation response message sent by the value-added service device, where the second allocation response message includes the virtual system information and indicates that the value-added service device agrees to allocate the virtual system to the network device; and the network device allocates the slot number in the second mapping relationship to the virtual system according to the second allocation response message.
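The following sketch is an added illustration, not part of the application: it models the network device side of steps 301 to 307 together with the restart handling of [0080] and [0081], showing that authentication is the address comparison of [0064] and that a re-registering virtual system receives its earlier slot number. The class and method names, the `allocate` callback that stands in for the allocation request and response messages, the use of a mapping-table lookup to tell a second registration from a first one, and the sample addresses are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class VsysInfo:
    """Virtual system information of [0053]; only the IP address is mandatory."""
    ip: str
    name: str = ""
    service_type: str = ""


class RegistrationError(Exception):
    pass


class NetworkDevice:
    def __init__(self, own_ip, physical_slots, service_requirement=""):
        self.own_ip = own_ip
        self.service_requirement = service_requirement
        self.next_slot = physical_slots + 1  # [0071]: virtual slots follow the physical ones
        self.first_mapping = set()           # (network device IP, VAS device IP), step 302
        self.mapping_table = {}              # second mapping: VsysInfo -> (VAS device IP, slot)

    def on_configuration(self, vas_ip):
        """Steps 301-302: the management device names the value-added service device."""
        self.first_mapping.add((self.own_ip, vas_ip))

    def on_registration(self, vas_ip, vsys=None, allocate=None):
        """Steps 303-307 and the restart case of [0081]; returns {virtual system IP: slot}.

        `allocate` is a hypothetical callback standing in for the allocation
        request/response exchange with the value-added service device.
        """
        # Step 304: authentication is the address comparison of [0064], nothing more.
        if (self.own_ip, vas_ip) not in self.first_mapping:
            raise RegistrationError("value-added service device not in first mapping")
        if vsys is not None:                 # information carried in the request
            return {vsys.ip: self._slot_for(vas_ip, vsys)}
        if allocate is None:
            raise RegistrationError("no virtual system information available")
        stored = [v for v, (ip, _) in self.mapping_table.items() if ip == vas_ip]
        if not stored:                       # [0068]: first allocation request
            created = allocate(self.service_requirement)
            return {created.ip: self._slot_for(vas_ip, created)}
        slots = {}
        for known in stored:                 # [0081]: second allocation request
            if allocate(known) != known:
                raise RegistrationError("response names a different virtual system")
            slots[known.ip] = self._slot_for(vas_ip, known)
        return slots

    def _slot_for(self, vas_ip, vsys):
        entry = self.mapping_table.get(vsys)
        if entry is not None:
            owner_ip, slot = entry
            if owner_ip != vas_ip:           # added check, not stated in the application
                raise RegistrationError("virtual system recorded under another device")
            return slot                      # same slot number as before the restart
        slot = self.next_slot
        self.next_slot += 1
        self.mapping_table[vsys] = (vas_ip, slot)
        return slot


if __name__ == "__main__":
    # Constructed sample: three physical slots, one configured value-added service device.
    device = NetworkDevice("192.0.2.1", physical_slots=3)
    device.on_configuration("192.0.2.20")
    firewall = VsysInfo("192.0.2.21", "vsys-fw", "firewall")
    print(device.on_registration("192.0.2.20", firewall))   # first registration
    print(device.on_registration("192.0.2.20", firewall))   # after a restart
```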



[0082] In the foregoing embodiment of the present invention, a value-added service device and a network device are separately disposed, so that the value-added service device generates a virtual system for the network device according to a service requirement of the network device; and the network device allocates a virtual slot and a slot number to the virtual system, and manages the virtual system as a value-added service board of the network device. This avoids a problem of complicated policy-based routing configuration that arises when the network device is connected to another value-added service device, implements on-demand deployment and flexible extension of a value-added service, and saves a resource for the value-added service device. Furthermore, the network device communicates, through a bidirectional extended GRE tunnel, with the virtual system that is used as the value-added service board, thereby avoiding a problem of incompatibility between devices of different manufacturers that arises when a proprietary protocol is run between a main control board and a service board of the network device. In addition, this embodiment of the present invention ensures that, when the value-added service device or a virtual network restarts, a virtual network system can acquire, from the network device, a slot number the same as that before the value-added service device or the virtual system restarts, thereby avoiding a service conflict that may be caused by slot number reallocation.

[0083] Based on the network system shown in FIG. 1, an embodiment of the present invention provides another value-added service deployment method, where the method is executed by the value-added service device 13. As shown in FIG. 5, the method includes the following steps.

[0084] 501. A value-added service device receives a configuration message sent by a management device, where the configuration message includes an IP address of a network device.

[0085] As described above, the configuration message is used to enable the value-added service device to establish a service group with the network device, and provide a value-added service for the network device.

[0086] 502. The value-added service device generates a first registration request message according to the configuration message, where the first registration request message includes an IP address of the value-added service device.

[0087] The first registration request message is used to request the network device to establish a service group with the value-added service device, so that the value-added service device provides a value-added service for the network device.

[0088] 503. The value-added service device generates a virtual system for the network device, and allocates virtual system information to the virtual system.

[0089] In addition, the value-added service device further allocates, to the virtual system, a resource for value-added service processing.

[0090] 504. The value-added service device sends the first registration request message and the virtual system information to the network device, where the virtual system information is used to enable the network device to manage the virtual system as a value-added service board of the network device.

[0091] An execution sequence of the foregoing step 502, step 503 and step 504 may be different in different implementation manners.

[0092] For example, in an implementation manner, when the configuration message further includes a service requirement of the network device, step 503 specifically includes: generating the virtual system for the network device according to the service requirement in the configuration message; and step 504 preferably includes: adding, by the value-added service device, the virtual system information to the first registration request message, and sending, to the network device, the first registration request message to which the virtual system information is added. Certainly, in this case, in step 504, the value-added service device may also send the virtual system information separately by using another message.

[0093] In another embodiment, when the configuration message does not include a service requirement of the network device, step 503 optionally further includes:

503a. The value-added service device receives a first allocation request message sent by the network device, where the first allocation request message includes a service requirement of the network device.



[0094] The first allocation request message is used to request the value-added service device to generate the virtual system for the network device according to the service requirement.

[0095] 503b. Generate the virtual system for the network device according to the service requirement of the network device, and allocate a virtual system identifier to the virtual system.

[0096] Step 504 specifically includes: before the first allocation request message sent by the network device is received, sending the first registration request message to the network device; and after the first allocation request message sent by the network device is received, sending the virtual system information to the network device by using a first allocation response message.

[0097] In the foregoing embodiment of the present invention, a value-added service device and a network device are separately disposed, so that the value-added service device generates a virtual system for the network device according to a service requirement of the network device; and the network device allocates a virtual slot and a slot number to the virtual system, and manages the virtual system as a value-added service board of the network device. This avoids a problem of complicated policy-based routing configuration that arises when the network device is connected to another value-added service device, implements on-demand deployment and flexible extension of a value-added service, and saves a resource for the value-added service device.

[0098] Based on the method shown in FIG. 5, an embodiment of the present invention provides another value-added service deployment method. As shown in FIG. 6, the method includes the following steps.

[0099] 601. A value-added service device receives a configuration message sent by a management device, where the configuration message includes an IP address of a network device.

[0100] 602. The value-added service device generates a first registration request message according to the configuration message, where the first registration request message includes an IP address of the value-added service device.

[0101] 603. The value-added service device generates a virtual system for the network device, and allocates virtual system information to the virtual system.

[0102] 604. The value-added service device sends the first registration request message and the virtual system information to the network device, where the virtual system information is used to enable the network device to manage the virtual system as a value-added service board of the network device.

[0103] The foregoing steps 601 to 604 are the same as steps 501 to 504 in FIG. 5.

[0104] The method may further include:

605. The value-added service device stores, in a mapping table, a mapping relationship between the IP address of the network device and the virtual system information.

606. The virtual system receives, from the network device, a slot number allocated by the network device to the virtual system, and communicates with the network device as the value-added service board of the network device.



[0105] The slot number is the slot number in step 307. The virtual system establishes a bidirectional extended GRE tunnel, which is described in the previous embodiment, between the network device and the virtual system, to communicate with the network device.

[0106] That the virtual system communicates with the network device as the value-added service board of the network device may include:

sending a heartbeat message to the network device, where the heartbeat message includes the slot number of the virtual system; or

sending a heartbeat message to the network device, where the heartbeat message includes the slot number of the virtual system and a resource usage rate of the virtual system; or

sending a heartbeat message to the network device, where the heartbeat message includes the slot number of the virtual system and a control flag, where the control flag may instruct the network device to start sending a service flow to the virtual system, or instruct the network device to stop sending a service flow to the virtual system.



[0107] After the value-added service device or the virtual system restarts, optionally, this embodiment of the present invention further includes the following steps:

607. The value-added service device generates a second registration request message according to the mapping relationship, where the second registration request message includes the IP address of the value-added service device.



[0108] Because the virtual system is generated by the value-added service device and runs on the value-added service device, no matter whether the value-added service device restarts or the virtual system restarts, the value-added service device can perceive the restart. When the value-added service device restarts, the value-added service device generates a second registration request message separately for all network devices in the mapping table; when the virtual system restarts, the value-added service device generates a second registration request message for a network device corresponding to the virtual system.

[0109] 608. The value-added service device acquires the virtual system information.

[0110] 609. The value-added service device sends the second registration request message and the virtual system information to the network device.

[0111] An execution sequence of the foregoing step 607, step 608 and step 609 may be different in different embodiments.

[0112] For example, according to an embodiment of the present invention, in step 608, the value-added service device actively acquires the virtual system information from the mapping relationship, and step 609 preferably includes: adding, by the value-added service device, the virtual system information to the second registration request message, and sending, to the network device, the second registration request message to which the virtual system information is added. Certainly, in this case, in step 609, the value-added service device may also send the virtual system information separately by using another message.

[0113] In another embodiment, when the second registration request message includes the virtual system information, step 609 includes: receiving, by the value-added service device, a second allocation request message sent by the network device, where the second allocation request message includes the virtual system information, and the second allocation request message is used to request the value-added service device to reallocate the virtual system corresponding to the virtual system information to the network device; searching the mapping table according to the second allocation request message, to obtain the mapping relationship; and after it is determined, according to the mapping relationship, that the virtual system is already allocated to the network device, generating a second allocation response message and sending the second allocation response message to the network device, where the second allocation response message includes the virtual system information.

[0114] 610. The virtual system receives, from the network device, a slot number allocated by the network device to the virtual system, where the allocated slot number is the same as the slot number in step 606.

[0115] In the foregoing embodiment of the present invention, a value-added service device and a network device are separately disposed, so that the value-added service device generates a virtual system for the network device according to a service requirement of the network device; and the network device allocates a virtual slot and a slot number to the virtual system, and manages the virtual system as a value-added service board of the network device. This avoids a problem of complicated policy-based routing configuration that arises when the network device is connected to another value-added service device, implements on-demand deployment and flexible extension of a value-added service, and saves a resource for the value-added service device. Furthermore, the network device communicates, through a bidirectional extended GRE tunnel, with the virtual system that is used as the value-added service board, thereby avoiding a problem of incompatibility between devices of different manufacturers that arises when a proprietary protocol is run between a main control board and a service board of the network device. In addition, this embodiment of the present invention ensures that, when the value-added service device or a virtual network restarts, a virtual network system can acquire, from the network device, a slot number the same as that before the value-added service device or the virtual system restarts, thereby avoiding a service conflict that may be caused by slot number reallocation.

[0116] In order to implement the embodiment shown in FIG. 2 of the present invention, an embodiment of the present invention provides a network device 700. The network device 700 may be the network device in FIG. 1. As shown in FIG. 7, the network device 700 includes: a receiving unit 701, an acquiring unit 702, an allocating unit 703, a sending unit 704, and a management unit 705.

[0117] The receiving unit 701 is configured to receive a first registration request message sent by a value-added service device, where the first registration request message includes an IP address of the value-added service device.

[0118] The acquiring unit 702 is configured to acquire, according to the first registration request message, virtual system information of a virtual system generated by the value-added service device for the network device.

[0119] The allocating unit 703 is configured to allocate a virtual slot and a slot number to the virtual system.

[0120] The sending unit 704 is configured to send the slot number to the virtual system according to the virtual system information.

[0121] The management unit 705 is configured to manage the virtual system as a value-added service board of the network device.

[0122] Further, in order to implement the method shown in FIG. 3, as shown in FIG. 8, the network device 700 further includes an establishing unit 706 and an authenticating unit 707.

[0123] The receiving unit 701 is further configured to receive a configuration message sent by a management device, where the configuration message includes the IP address of the value-added service device.

[0124] The establishing unit 706 is configured to establish a first mapping relationship between an IP address of the network device and the IP address of the value-added service device according to the configuration message.

[0125] The authenticating unit 707 is configured to: after the receiving unit 701 receives the first registration request message sent by the value-added service device, perform authentication on the value-added service device according to the first mapping relationship and the IP address of the value-added service device.

[0126] The acquiring unit 702 is configured to: after the authenticating unit 707 successfully authenticates the value-added service device, acquire, according to the first registration request message, the virtual system information of the virtual system generated by the value-added service device for the network device.

[0127] In an embodiment, when the first registration request message further includes the virtual system information, the acquiring unit 702 acquires the virtual system information from the first registration request message.

[0128] In another embodiment, the acquiring unit 702 is configured to: send a first allocation request message to the value-added service device according to the first registration request message, where the first allocation request message includes a service requirement of the network device, and is used to request the value-added service device to generate the virtual system for the network device according to the service requirement; receive a first allocation response message sent by the value-added service device, where the first allocation response message includes the virtual system information of the virtual system generated by the value-added service device for the network device; and acquire the virtual system information from the first allocation response message.

[0129] In another embodiment, the network device further includes a storage unit, configured to store, in a mapping table, a second mapping relationship including the IP address of the value-added service device, the virtual system information, and the slot number.

[0130] The receiving unit 701 is further configured to: after the value-added service device or the virtual system restarts, receive a second registration request message sent by the value-added service device, where the second registration request message includes the IP address of the value-added service device, and the allocating unit 703 is further configured to allocate the slot number to the virtual system according to the second registration request message.

[0131] Specifically, when the second registration request further includes the virtual system information, the allocating unit 703 is configured to search the mapping table according to the virtual system information, to obtain the second mapping relationship, and allocate the slot number in the second mapping relationship to the virtual system.

[0132] When the second registration request does not include the virtual system information, the allocating unit 703 is configured to: search the mapping table according to the IP address of the value-added service device, to obtain the second mapping relationship; send a second allocation request message to the value-added service device, where the second allocation request message includes the virtual system information in the second mapping relationship; receive a second allocation response message sent by the value-added service device, where the second allocation response message includes the virtual system information, and the second allocation response message indicates that the value-added service device agrees to allocate the virtual system corresponding to the virtual system information to the network device; and allocate the slot number in the second mapping relationship to the virtual system according to the second allocation response message.
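The registration, authentication and slot re-allocation behaviour of paragraphs [0123] to [0132] can be traced in a small model. This is an added illustration, not code from the patent or from any product: the class and method names, the opaque string used for the virtual system information, the starting slot number 100, and the check that a stored binding belongs to the sending IP address are all assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


class RegistrationRejected(Exception):
    """A registration request failed authentication or a mapping check."""


class VasDevice:
    """Value-added service device, reduced to its mapping table ([0152])."""

    def __init__(self, ip: str):
        self.ip = ip
        self.mapping: Dict[str, str] = {}  # network-device IP -> virtual system info

    def first_allocation(self, nd_ip: str, service_requirement: str) -> str:
        # Virtual system information is modelled as an opaque string (assumption).
        info = f"{self.ip}/vsys-{len(self.mapping) + 1}/{service_requirement}"
        self.mapping[nd_ip] = info
        return info

    def second_allocation(self, nd_ip: str, vsys_info: str) -> Optional[str]:
        # Agree only if this virtual system is already allocated to nd_ip ([0158]).
        return vsys_info if self.mapping.get(nd_ip) == vsys_info else None


@dataclass(frozen=True)
class Binding:
    """Second mapping relationship ([0129])."""
    vas_ip: str
    vsys_info: str
    slot: int


class NetworkDevice:
    def __init__(self, own_ip: str, first_virtual_slot: int = 100):
        self.own_ip = own_ip
        self.first_mapping: Dict[str, str] = {}  # VAS IP -> own IP ([0124])
        self.mapping_table: List[Binding] = []
        self._next_slot = first_virtual_slot     # assumed virtual slot numbering

    def configure(self, vas_ip: str) -> None:
        """Configuration message from the management device ([0123])."""
        self.first_mapping[vas_ip] = self.own_ip

    def _find(self, vas_ip: Optional[str] = None,
              vsys_info: Optional[str] = None) -> Optional[Binding]:
        for b in self.mapping_table:
            if vas_ip in (None, b.vas_ip) and vsys_info in (None, b.vsys_info):
                return b
        return None

    def register(self, vas: VasDevice, src_ip: str, vsys_info: Optional[str] = None,
                 service_requirement: str = "firewall") -> int:
        """Handle a first or second registration request; return the slot number."""
        # Authentication against the first mapping relationship ([0125]).
        if self.first_mapping.get(src_ip) != self.own_ip:
            raise RegistrationRejected(f"{src_ip} is not a configured VAS device")
        # [0131]: search by virtual system info if present; [0132]: else by IP.
        known = (self._find(vsys_info=vsys_info) if vsys_info is not None
                 else self._find(vas_ip=src_ip))
        if known is not None:
            return self._reregister(vas, src_ip, known, vsys_info)
        if vsys_info is None:  # [0128]: first allocation request / response
            vsys_info = vas.first_allocation(self.own_ip, service_requirement)
        binding = Binding(src_ip, vsys_info, self._next_slot)
        self._next_slot += 1
        self.mapping_table.append(binding)
        return binding.slot

    def _reregister(self, vas: VasDevice, src_ip: str, known: Binding,
                    vsys_info: Optional[str]) -> int:
        # Added check (assumption): the stored binding must belong to the sender.
        if known.vas_ip != src_ip:
            raise RegistrationRejected("virtual system is bound to another VAS device")
        if vsys_info is None:  # [0132]: second allocation request / response
            if vas.second_allocation(self.own_ip, known.vsys_info) != known.vsys_info:
                raise RegistrationRejected("VAS device did not confirm the virtual system")
        return known.slot      # same slot number as before the restart


if __name__ == "__main__":
    nd, vas = NetworkDevice("192.0.2.1"), VasDevice("192.0.2.10")  # constructed addresses
    nd.configure(vas.ip)
    print(nd.register(vas, vas.ip), nd.register(vas, vas.ip))      # first, then after restart
```

Because authentication here rests only on the configured IP address, the model rejects a request that names a virtual system stored under a different sender address rather than handing back that virtual system's slot number.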

[0133] In another embodiment, the network device further includes a tunnel establishing unit, configured to establish a bidirectional extended Generic Routing Encapsulation (GRE) tunnel between the network device and the virtual system according to the virtual system information, where the bidirectional extended GRE tunnel is used to carry an extended GRE-encapsulated message, and the extended GRE-encapsulated message includes a slot number field.

[0134] In another embodiment, the management unit 705 is configured to: receive a heartbeat message periodically sent by the virtual system, and when the heartbeat message sent by the virtual system is not received after a preset time, suspend sending of a service flow that needs to be processed by the virtual system to the virtual system; or receive a heartbeat message sent by the virtual system, where the heartbeat message includes a resource usage rate of the virtual system, and control, according to the resource usage rate, a service flow destined for the virtual system; or receive a heartbeat message sent by the virtual system, where the heartbeat message includes a control flag, and send a service flow to the virtual system according to the control flag. The control flag may instruct the network device to start sending a service flow to the virtual system, or instruct the network device to stop sending a service flow to the virtual system.
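The three heartbeat-based management manners of paragraph [0134] can be combined into one forwarding decision per virtual slot, sketched below as an added example that is not taken from the patent. The field names, the 0.0 to 1.0 encoding of the resource usage rate, the 0.9 usage limit, the 3-second preset time and the choice to suspend until a first heartbeat arrives are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Heartbeat:
    slot: int
    usage: Optional[float] = None  # resource usage rate, 0.0-1.0 (assumed encoding)
    start: Optional[bool] = None   # control flag: True = start sending, False = stop


@dataclass
class BoardState:
    last_seen: float
    usage: float = 0.0
    stopped: bool = False


class VirtualBoardManager:
    """Tracks heartbeats from virtual systems managed as service boards."""

    def __init__(self, preset_time: float = 3.0, usage_limit: float = 0.9):
        self.preset_time = preset_time  # seconds without a heartbeat before suspending
        self.usage_limit = usage_limit  # assumed threshold for usage-based control
        self.boards: Dict[int, BoardState] = {}

    def on_heartbeat(self, hb: Heartbeat, now: float) -> None:
        # Reject malformed values before they influence forwarding decisions.
        if hb.usage is not None and not 0.0 <= hb.usage <= 1.0:
            raise ValueError("resource usage rate out of range")
        state = self.boards.setdefault(hb.slot, BoardState(last_seen=now))
        state.last_seen = now
        if hb.usage is not None:
            state.usage = hb.usage
        if hb.start is not None:
            state.stopped = not hb.start

    def decision(self, slot: int, now: float) -> str:
        """Return 'forward' or a 'suspend: <reason>' string for the slot."""
        state = self.boards.get(slot)
        if state is None:
            return "suspend: no heartbeat yet"
        if now - state.last_seen > self.preset_time:
            return "suspend: heartbeat timeout"
        if state.stopped:
            return "suspend: control flag"
        if state.usage >= self.usage_limit:
            return "suspend: usage limit"
        return "forward"
```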

[0135] An embodiment of the present invention further provides a computing node 900. The computing node may be a host server having a computing capability, a router, a network switch, or the like, and specific implementation of the computing node is not limited in a specific embodiment of the present invention. As shown in FIG. 9, the computing node 900 includes:

a processor 910, a communications interface 920, a memory 930, and a bus 940.



[0136] The processor 910, the communications interface 920, and the memory 930 communicate with each other by using the bus 940.

[0137] The communications interface 920 is configured to communicate with a network element such as a management device 11 and a value-added service device 13. The communications interface 920 may be implemented by using an optical transceiver, an electrical transceiver, a wireless transceiver, or any combination thereof. For example, the optical transceiver may be a small form-factor pluggable (SFP) transceiver, an enhanced small form-factor pluggable (SFP+) transceiver, or a 10 Gigabit small form-factor pluggable (XFP) transceiver. The electrical transceiver may be an Ethernet network interface controller (NIC). The wireless transceiver may be a wireless network interface controller (WNIC). The communications interface 920 may include multiple physical interfaces. For example, the communications interface 920 includes multiple Ethernet interfaces.

[0138] The processor 910 is configured to execute a program 932.

[0139] Specifically, the program 932 may include program code, where the program code includes a computer operation instruction.

[0140] The processor 910 may be a central processing unit (CPU), or an application-specific integrated circuit (ASIC).

[0141] The memory 930 is configured to store the program 932. The memory 930 may include a volatile memory, such as a random-access memory (RAM); the memory 930 may also include a non-volatile memory, such as a read-only memory (ROM), a flash memory, a hard disk drive (HDD), or a solid-state drive (SSD); the memory 930 may further include a combination of memories of the foregoing types.

[0142] The processor 910 is configured to execute the method shown in FIG. 2 or FIG. 3 according to the program 932.

[0143] In the foregoing embodiment of the present invention, a value-added service device and a network device are separately disposed, so that the value-added service device generates a virtual system for the network device according to a service requirement of the network device; and the network device allocates a virtual slot and a slot number to the virtual system, and manages the virtual system as a value-added service board of the network device. This avoids a problem of complicated policy-based routing configuration that arises when the network device is connected to another value-added service device, implements on-demand deployment and flexible extension of a value-added service, and saves a resource for the value-added service device. Furthermore, the network device communicates, through a bidirectional extended GRE tunnel, with the virtual system that is used as the value-added service board, thereby avoiding a problem of incompatibility between devices of different manufacturers that arises when a proprietary protocol is run between a main control board and a service board of the network device. In addition, this embodiment of the present invention ensures that, when the value-added service device or the virtual system restarts, the virtual system can acquire, from the network device, a slot number the same as that before the value-added service device or the virtual system restarts, thereby avoiding a service conflict that may be caused by slot number reallocation.

[0144] In order to implement the embodiment shown in FIG. 5 of the present invention, an embodiment of the present invention provides a value-added service device 10. The value-added service device 10 may be the value-added service device in FIG. 1. As shown in FIG. 10, the value-added service device 10 includes: a receiving unit 1001, a generating unit 1002, an allocating unit 1003, and a sending unit 1004.

[0145] The receiving unit 1001 is configured to receive a configuration message sent by a management device, where the configuration message includes an IP address of a network device.

[0146] The generating unit 1002 is configured to generate a first registration request message according to the configuration message, where the first registration request message includes an IP address of the value-added service device.

[0147] The allocating unit 1003 is configured to generate a virtual system for the network device, and allocate virtual system information to the virtual system.

[0148] The sending unit 1004 is configured to send the first registration request message and the virtual system information to the network device, where the virtual system information is used to enable the network device to manage the virtual system as a value-added service board of the network device.

[0149] In an embodiment, the configuration message received by the receiving unit 1001 further includes a service requirement of the network device, and the allocating unit 1003 is configured to generate the virtual system for the network device according to the service requirement in the configuration message, and allocate the virtual system information to the virtual system; and the sending unit 1004 is configured to add the virtual system information to the first registration request message, and send, to the network device, the first registration request message to which the virtual system information is added.

[0150] In another embodiment, the receiving unit 1001 is further configured to receive a first allocation request message sent by the network device, where the first allocation request message includes a service requirement of the network device; the allocating unit 1003 is configured to generate the virtual system for the network device according to the service requirement of the network device, and allocate the virtual system information to the virtual system; and the sending unit 1004 is configured to: before the receiving unit receives the first allocation request message sent by the network device, send the first registration request message to the network device; and after the receiving unit receives the first allocation request message sent by the network device, send the virtual system information to the network device by using a first allocation response message.

[0151] As shown in FIG. 11, to further execute the method shown in FIG. 6, based on FIG. 10, the value-added service device 10 further includes a storage unit 1005 and an acquiring unit 1006.

[0152] The storage unit 1005 is configured to store, in a mapping table, a mapping relationship between the IP address of the network device and the virtual system information.

[0153] The generating unit 1002 is further configured to: after the value-added service device or the virtual system restarts, generate a second registration request message according to the mapping relationship, where the second registration request message includes the IP address of the value-added service device.

[0154] The acquiring unit 1006 is configured to acquire the virtual system information.

[0155] The sending unit 1004 is further configured to send the second registration request message and the virtual system information to the network device.

[0156] In an embodiment, the acquiring unit 1006 is configured to acquire the virtual system information according to the mapping relationship, that is, read the virtual system information from the mapping relationship.

[0157] The sending unit 1004 is further configured to add the virtual system information to the second registration request message, and send, to the network device, the second registration request message to which the virtual system information is added.

[0158] In another embodiment, the sending unit 1004 is further configured to send the second registration request message to the network device; the receiving unit 1001 is further configured to receive a second allocation request message sent by the network device, where the second allocation request message includes the virtual system information, and the second allocation request message is used to request the value-added service device to reallocate the virtual system to the network device; the generating unit 1002 is further configured to search the mapping table according to the second allocation request message, to obtain the mapping relationship, and after it is determined, according to the mapping relationship, that the virtual system is already allocated to the network device, generate a second allocation response message, where the second allocation response message includes the virtual system information; and the sending unit 1004 is further configured to send the second allocation response message to the network device.

[0159] An embodiment of the present invention further provides a computing node 1200. The computing node may be a host server having a computing capability, a value-added service device, or the like, and specific implementation of the computing node is not limited in a specific embodiment of the present invention. As shown in FIG. 12, the computing node 1200 includes:

a processor 1210, a communications interface 1220, a memory 1230, and a bus 1240.



[0160] The processor 1210, the communications interface 1220, and the memory 1230 communicate with each other by using the bus 1240.

[0161] The communications interface 1220 is configured to communicate with a network element such as a management device 11 and a network device 12. The communications interface 1220 may be implemented by using an optical transceiver, an electrical transceiver, a wireless transceiver, or any combination thereof. For example, the optical transceiver may be a small form-factor pluggable (SFP) transceiver, an enhanced small form-factor pluggable (SFP+) transceiver, or a 10 Gigabit small form-factor pluggable (XFP) transceiver. The electrical transceiver may be an Ethernet network interface controller (NIC). The wireless transceiver may be a wireless network interface controller (WNIC). The communications interface 1220 may include multiple physical interfaces. For example, the communications interface 1220 includes multiple Ethernet interfaces.

[0162] The processor 1210 is configured to execute a program 1232.

[0163] Specifically, the program 1232 may include program code, where the program code includes a computer operation instruction.

[0164] The processor 1210 may be a central processing unit (CPU), or an application-specific integrated circuit (ASIC).

[0165] The memory 1230 is configured to store the program 1232. The memory 1230 may include a volatile memory, such as a random-access memory (RAM); the memory 1230 may also include a non-volatile memory, such as a read-only memory (ROM), a flash memory, a hard disk drive (HDD), or a solid-state drive (SSD); the memory 1230 may further include a combination of memories of the foregoing types.

[0166] The processor 1210 is configured to execute the method shown in FIG. 5 or FIG. 6 according to the program 1232.

[0167] In the foregoing embodiment of the present invention, a value-added service device and a network device are separately disposed, so that the value-added service device generates a virtual system for the network device according to a service requirement of the network device; and the network device allocates a virtual slot and a slot number to the virtual system, and manages the virtual system as a value-added service board of the network device. This avoids a problem of complicated policy-based routing configuration that arises when the network device is connected to another value-added service device, implements on-demand deployment and flexible extension of a value-added service, and saves a resource for the value-added service device.

[0168] Division of the functional modules provided by the foregoing embodiments is merely exemplary. In actual application, the foregoing functions can be allocated to different functional modules and implemented according to a requirement, to implement all or some of the functions described above.

[0169] A person of ordinary skill in the art may understand that all or some of the steps of the methods in the embodiments may be implemented by a program instructing a processor. The program may be stored in a computer-readable storage medium. The storage medium is a non-transitory medium and may be a random access memory, a read-only memory, a flash memory, a hard disk, a solid state disk, a magnetic tape, a floppy disk, an optical disc, and any combination thereof.

[0170] The foregoing descriptions are merely specific implementation manners of the present invention, but are not intended to limit the protection scope of the present invention. Any variation or replacement readily figured out by a person skilled in the art within the technical scope disclosed in the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.


Claims

1. A value-added service deployment method, comprising:

receiving, by a network device, a first registration request message sent by a value-added service device, wherein the first registration request message comprises an IP address of the value-added service device;

acquiring, according to the first registration request message, virtual system information of a virtual system generated by the value-added service device for the network device;

allocating a virtual slot and a slot number to the virtual system; and

sending the slot number to the virtual system according to the virtual system information, and managing the virtual system as a value-added service board of the network device.


 
2. The method according to claim 1, wherein the acquiring, according to the first registration request message, virtual system information of a virtual system generated by the value-added service device for the network device comprises:

sending a first allocation request message to the value-added service device according to the first registration request message, wherein the first allocation request message comprises a service requirement of the network device;

receiving a first allocation response message sent by the value-added service device, wherein the first allocation response message comprises the virtual system information of the virtual system generated by the value-added service device for the network device; and

acquiring the virtual system information from the first allocation response message.


 
3. The method according to claim 1, wherein when the first registration request message further comprises the virtual system information, the acquiring, according to the first registration request message, virtual system information of a virtual system generated by the value-added service device for the network device comprises: acquiring, from the first registration request message, the virtual system information of the virtual system generated by the value-added service device for the network device.
 
4. The method according to any one of claims 1 to 3, wherein
before the receiving, by a network device, a first registration request message sent by a value-added service device, the method further comprises:

receiving a configuration message sent by a management device, wherein the configuration message comprises the IP address of the value-added service device; and

establishing a first mapping relationship between an IP address of the network device and the IP address of the value-added service device according to the configuration message; and

after the receiving, by a network device, a first registration request message sent by a value-added service device, the method further comprises:

performing authentication on the value-added service device according to the first mapping relationship, and executing the step of acquiring virtual system information of a virtual system generated by the value-added service device for the network device after authentication succeeds.


 
5. The method according to any one of claims 1 to 4, wherein the method further comprises:

storing, in a mapping table, a second mapping relationship comprising the IP address of the value-added service device, the virtual system information, and the slot number.


 
6. The method according to claim 5, wherein the method further comprises:

receiving a second registration request message sent by the value-added service device, after the value-added service device or the virtual system restarts, wherein the second registration request message comprises the IP address of the value-added service device; and

allocating the slot number to the virtual system according to the second registration request message.


 
7. The method according to claim 6, wherein when the second registration request further comprises the virtual system information, the allocating the slot number to the virtual system according to the second registration request message comprises:

searching the mapping table according to the virtual system information, to obtain the second mapping relationship, and allocating the slot number in the second mapping relationship to the virtual system.


 
8. The method according to claim 6, wherein the allocating the slot number to the virtual system according to the second registration request message comprises:

searching the mapping table according to the IP address of the value-added service device, to obtain the second mapping relationship;

sending a second allocation request message to the value-added service device, wherein the second allocation request message comprises the virtual system information in the second mapping relationship;

receiving a second allocation response message sent by the value-added service device, wherein the second allocation response message comprises the virtual system information; and

allocating the slot number in the second mapping relationship to the virtual system according to the second allocation response message.


 
9. The method according to any one of claims 1 to 8, wherein the method further comprises:

establishing a bidirectional extended Generic Routing Encapsulation GRE tunnel between the network device and the virtual system according to the virtual system information, wherein the bidirectional extended GRE tunnel is used to carry an extended GRE-encapsulated message, and the extended GRE-encapsulated message comprises a slot number field.


 
10. The method according to claim 9, wherein the managing the virtual system as a value-added service board of the network device comprises at least one of the following three manners:

receiving a heartbeat message periodically sent by the virtual system, and when the heartbeat message sent by the virtual system is not received after a preset time, suspending sending of a service flow that needs to be processed by the virtual system to the virtual system;

receiving a heartbeat message sent by the virtual system, wherein the heartbeat message comprises a resource usage rate of the virtual system; and controlling, according to the resource usage rate, a service flow destined for the virtual system; and

receiving a heartbeat message sent by the virtual system, wherein the heartbeat message comprises a control flag; and sending a service flow to the virtual system according to the control flag.


 
11. A value-added service deployment method, comprising:

receiving, by a value-added service device, a configuration message sent by a management device, wherein the configuration message comprises an IP address of a network device;

generating, by the value-added service device, a first registration request message according to the configuration message, wherein the first registration request message comprises an IP address of the value-added service device;

generating, by the value-added service device, a virtual system for the network device, and allocating virtual system information to the virtual system; and

sending, by the value-added service device, the first registration request message and the virtual system information to the network device, wherein the virtual system information is used to enable the network device to manage the virtual system as a value-added service board of the network device.


 
12. The method according to claim 11, wherein the configuration message further comprises a service requirement of the network device, wherein
the generating a virtual system for the network device comprises: generating the virtual system for the network device according to the service requirement in the configuration message; and
the sending the first registration request message and the virtual system information to the network device comprises: adding the virtual system information to the first registration request message, and sending, to the network device, the first registration request message to which the virtual system information is added.
 
13. The method according to claim 11, wherein
the generating a virtual system for the network device comprises: receiving a first allocation request message sent by the network device, wherein the first allocation request message comprises a service requirement of the network device; and generating the virtual system for the network device according to the service requirement of the network device; and
the sending the first registration request message and the virtual system information to the network device comprises: before the receiving a first allocation request message sent by the network device, sending the first registration request message to the network device; and after the receiving a first allocation request message sent by the network device, sending the virtual system information to the network device by using a first allocation response message.
 
14. The method according to any one of claims 11 to 13, wherein after the generating a virtual system for the network device, and allocating virtual system information to the virtual system, the method further comprises:

storing, by the value-added service device in a mapping table, a mapping relationship between the IP address of the network device and the virtual system information.


 
15. The method according to claim 14, wherein the method further comprises:

generating, by the value-added service device, a second registration request message according to the mapping relationship, after the value-added service device or the virtual system restarts, wherein the second registration request message comprises the IP address of the value-added service device;

acquiring, by the value-added service device, the virtual system information; and

sending, by the value-added service device, the second registration request message and the virtual system information to the network device.


 
16. The method according to claim 15, wherein
the acquiring, by the value-added service device, the virtual system information comprises: acquiring, by the value-added service device, the virtual system information according to the mapping relationship; and
the sending, by the value-added service device, the second registration request message and the virtual system information to the network device comprises: adding, by the value-added service device, the virtual system information to the second registration request message, and sending, to the network device, the second registration request message to which the virtual system information is added.
 
17. The method according to claim 15, wherein
the sending, by the value-added service device, the second registration request message and the virtual system information to the network device comprises:

sending, by the value-added service device, the second registration request message to the network device;

receiving a second allocation request message sent by the network device, wherein the second allocation request message comprises the virtual system information, and the second allocation request message is used to request the value-added service device to reallocate the virtual system to the network device;

searching the mapping table according to the second allocation request message, to obtain the mapping relationship;

generating a second allocation response message, after it is determined, according to the mapping relationship, that the virtual system is already allocated to the network device; and

sending the second allocation response message to the network device, wherein the second allocation response message comprises the virtual system information.


 
18. A network device, comprising:

a receiving unit, configured to receive a first registration request message sent by a value-added service device, wherein the first registration request message comprises an IP address of the value-added service device;

an acquiring unit, configured to acquire, according to the first registration request message, virtual system information of a virtual system generated by the value-added service device for the network device;

an allocating unit, configured to allocate a virtual slot and a slot number to the virtual system;

a sending unit, configured to send the slot number to the virtual system according to the virtual system information; and

a management unit, configured to manage the virtual system as a value-added service board of the network device.


 
19. The network device according to claim 18, wherein the acquiring unit is configured to:

send a first allocation request message to the value-added service device according to the first registration request message, wherein the first allocation request message comprises a service requirement of the network device; receive a first allocation response message sent by the value-added service device, wherein the first allocation response message comprises the virtual system information of the virtual system generated by the value-added service device for the network device; and acquire the virtual system information from the first allocation response message.


 
20. The network device according to claim 18, wherein the first registration request message further comprises the virtual system information, and the acquiring unit is configured to acquire, from the first registration request message, the virtual system information of the virtual system generated by the value-added service device for the network device.
 
21. The network device according to any one of claims 18 to 20, further comprising an establishing unit and an authenticating unit, wherein
the receiving unit is further configured to receive a configuration message sent by a management device, wherein the configuration message comprises the IP address of the value-added service device;
the establishing unit is configured to establish a first mapping relationship between an IP address of the network device and the IP address of the value-added service device according to the configuration message; and
the authenticating unit is configured to: perform authentication on the value-added service device according to the first mapping relationship, after the receiving unit receives the first registration request message sent by the value-added service device.
 
22. The network device according to any one of claims 18 to 21, further comprising a storage unit, configured to store, in a mapping table, a second mapping relationship comprising the IP address of the value-added service device, the virtual system information, and the slot number.
 
23. The network device according to claim 22, wherein
the receiving unit is further configured to: receive a second registration request message sent by the value-added service device after the value-added service device or the virtual system restarts, wherein the second registration request message comprises the IP address of the value-added service device; and
the allocating unit is further configured to allocate the slot number to the virtual system according to the second registration request message.
 
24. The network device according to claim 23, wherein when the second registration request further comprises the virtual system information, the allocating unit is configured to search the mapping table according to the virtual system information, to obtain the second mapping relationship, and allocate the slot number in the second mapping relationship to the virtual system.
 
25. The network device according to claim 23, wherein the allocating unit is configured to:

search the mapping table according to the IP address of the value-added service device, to obtain the second mapping relationship;

send a second allocation request message to the value-added service device, wherein the second allocation request message comprises the virtual system information in the second mapping relationship;

receive a second allocation response message sent by the value-added service device, wherein the second allocation response message comprises the virtual system information; and

allocate the slot number in the second mapping relationship to the virtual system according to the second allocation response message.


 
26. The network device according to any one of claims 18 to 25, further comprising a tunnel establishing unit, configured to establish a bidirectional extended Generic Routing Encapsulation (GRE) tunnel between the network device and the virtual system according to the virtual system information, wherein the bidirectional extended GRE tunnel is used to carry an extended GRE-encapsulated message, and the extended GRE-encapsulated message comprises a slot number field.
 
27. The network device according to claim 26, wherein the management unit is configured to implement at least one of the following three manners:

receiving a heartbeat message periodically sent by the virtual system, and when the heartbeat message sent by the virtual system is not received after a preset time, suspending sending of a service flow that needs to be processed by the virtual system to the virtual system;

receiving a heartbeat message sent by the virtual system, wherein the heartbeat message comprises a resource usage rate of the virtual system; and controlling, according to the resource usage rate, a service flow destined for the virtual system; and

receiving a heartbeat message sent by the virtual system, wherein the heartbeat message comprises a control flag; and sending a service flow to the virtual system according to the control flag.


 
28. A value-added service device, comprising:

a receiving unit, configured to receive a configuration message sent by a management device, wherein the configuration message comprises an IP address of a network device;

a generating unit, configured to generate a first registration request message according to the configuration message, wherein the first registration request message comprises an IP address of the value-added service device;

an allocating unit, configured to generate a virtual system for the network device, and allocate virtual system information to the virtual system; and

a sending unit, configured to send the first registration request message and the virtual system information to the network device, wherein the virtual system information is used to enable the network device to manage the virtual system as a value-added service board of the network device.


 
29. The value-added service device according to claim 28, wherein the configuration message further comprises a service requirement of the network device, wherein
the allocating unit is configured to generate the virtual system for the network device according to the service requirement in the configuration message, and allocate the virtual system information to the virtual system; and
the sending unit is configured to add the virtual system information to the first registration request message, and send, to the network device, the first registration request message to which the virtual system information is added.
 
30. The value-added service device according to claim 28, wherein
the receiving unit is further configured to receive a first allocation request message sent by the network device, wherein the first allocation request message comprises a service requirement of the network device;
the allocating unit is configured to generate the virtual system for the network device according to the service requirement of the network device, and allocate the virtual system information to the virtual system; and
the sending unit is configured to: before the receiving unit receives the first allocation request message sent by the network device, send the first registration request message to the network device; and after the receiving unit receives the first allocation request message sent by the network device, send the virtual system information to the network device by using a first allocation response message.
 
31. The value-added service device according to any one of claims 28 to 30, further comprising a storage unit, configured to store, in a mapping table, a mapping relationship between the IP address of the network device and the virtual system information.
 
32. The value-added service device according to claim 31, further comprising an acquiring unit, wherein
the generating unit is further configured to: generate a second registration request message according to the mapping relationship, after the value-added service device or the virtual system restarts, wherein the second registration request message comprises the IP address of the value-added service device;
the acquiring unit is configured to acquire the virtual system information; and
the sending unit is further configured to send the second registration request message and the virtual system information to the network device.
 
33. The value-added service device according to claim 32, wherein
the acquiring unit is configured to acquire the virtual system information according to the mapping relationship; and
the sending unit is configured to add the virtual system information to the second registration request message, and send, to the network device, the second registration request message to which the virtual system information is added.
 
34. The value-added service device according to claim 32, wherein
the sending unit is configured to send the second registration request message to the network device;
the receiving unit is further configured to receive a second allocation request message sent by the network device, wherein the second allocation request message comprises the virtual system information, and the second allocation request message is used to request the value-added service device to reallocate the virtual system to the network device;
the generating unit is further configured to search the mapping table according to the second allocation request message, to obtain the mapping relationship; and after it is determined, according to the mapping relationship, that the virtual system is already allocated to the network device, generate a second allocation response message, wherein the second allocation response message comprises the virtual system information; and
the sending unit is further configured to send the second allocation response message to the network device.
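
The network-device behaviour recited in claims 21 to 24 (authentication against the configured mapping, storage of the second mapping relationship, and reuse of the slot number on re-registration) can be sketched as follows. This is an added illustration, not code from the application; the class and method names, the starting slot number 100, the opaque string used as virtual system information, and the documentation-range IP addresses are all assumptions.

```python
from dataclasses import dataclass, field
from itertools import count


class RegistrationRejected(Exception):
    """Sender is not a value-added service device named in a configuration message."""


@dataclass
class NetworkDevice:
    ip: str
    first_virtual_slot: int = 100  # assumed numbering, not taken from the claims
    # First mapping relationship (claim 21): peers configured for this device.
    configured_vas: set = field(default_factory=set)
    # Second mapping relationship (claim 22): (VAS IP, vsys info) -> slot number.
    mapping_table: dict = field(default_factory=dict)

    def __post_init__(self):
        self._slots = count(self.first_virtual_slot)

    def on_configuration(self, vas_ip):
        """Configuration message from the management device."""
        self.configured_vas.add(vas_ip)

    def on_registration(self, vas_ip, vsys_info):
        """First or second registration request carrying the vsys information."""
        # Authentication as claimed: a lookup in the first mapping relationship.
        if vas_ip not in self.configured_vas:
            raise RegistrationRejected(vas_ip)
        key = (vas_ip, vsys_info)
        # Claim 24: a known virtual system gets its stored slot number back,
        # so a restart does not consume a new virtual slot.
        if key not in self.mapping_table:
            self.mapping_table[key] = next(self._slots)
        return self.mapping_table[key]


def demo():
    # Constructed sample values for illustration only.
    nd = NetworkDevice(ip="192.0.2.1")
    nd.on_configuration("192.0.2.10")
    first = nd.on_registration("192.0.2.10", "vsys-a")
    after_restart = nd.on_registration("192.0.2.10", "vsys-a")
    second_vsys = nd.on_registration("192.0.2.10", "vsys-b")
    try:
        nd.on_registration("198.51.100.7", "vsys-a")  # never configured
        rejected = False
    except RegistrationRejected:
        rejected = True
    return first, after_restart, second_vsys, rejected
```

Because the table is keyed on the pair of device address and virtual system information, a registration from an unconfigured address is refused before any slot lookup takes place.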
 




Drawing

Search report